<html>
<head><meta charset="utf-8"><title>how-to-cope · t-lang/wg-unsafe-code-guidelines · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/index.html">t-lang/wg-unsafe-code-guidelines</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html">how-to-cope</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="132692621"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132692621" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132692621">(Aug 24 2018 at 12:03)</a>:</h4>
<p>So I was thinking about how to structure conversations and so forth. I wrote down some thoughts in this gist:</p>
<p><a href="https://gist.github.com/nikomatsakis/13d7232609e6f6f86e0e1d4cc0afec99" target="_blank" title="https://gist.github.com/nikomatsakis/13d7232609e6f6f86e0e1d4cc0afec99">https://gist.github.com/nikomatsakis/13d7232609e6f6f86e0e1d4cc0afec99</a></p>
<p>I'm curious for feedback!</p>



<a name="132692624"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132692624" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132692624">(Aug 24 2018 at 12:03)</a>:</h4>
<p>cc <span class="user-mention" data-user-id="120791">@RalfJ</span> <span class="user-mention" data-user-id="126854">@avadacatavra</span></p>



<a name="132692692"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132692692" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132692692">(Aug 24 2018 at 12:04)</a>:</h4>
<p>my goal was "lightweight process to allow us to actually make some progress" but my main concern is "overkill?"</p>



<a name="132693073"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132693073" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132693073">(Aug 24 2018 at 12:15)</a>:</h4>
<p>updated gist with an actual example a discussion proposal</p>



<a name="132693892"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132693892" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132693892">(Aug 24 2018 at 12:35)</a>:</h4>
<p>updated again</p>



<a name="132693911"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132693911" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132693911">(Aug 24 2018 at 12:36)</a>:</h4>
<p>ah, process...^^</p>



<a name="132693947"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132693947" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132693947">(Aug 24 2018 at 12:36)</a>:</h4>
<p>so would "validity of <code>&amp;mut T</code>" be a separate discussion from "validity of <code>i32</code>"?</p>



<a name="132693966"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132693966" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132693966">(Aug 24 2018 at 12:37)</a>:</h4>
<p>I envisioned that as a separate thread, but I'm open to suggestion</p>



<a name="132693969"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132693969" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132693969">(Aug 24 2018 at 12:37)</a>:</h4>
<p>it might be that we want fewer, coarser threads</p>



<a name="132693975"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132693975" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132693975">(Aug 24 2018 at 12:37)</a>:</h4>
<p>since a lot of times there is "cross-talk"</p>



<a name="132693978"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132693978" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132693978">(Aug 24 2018 at 12:37)</a>:</h4>
<p>thread = discussion?</p>



<a name="132693979"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132693979" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132693979">(Aug 24 2018 at 12:37)</a>:</h4>
<p>but one of the things I hoped with that process document was to allow us to customize this "per conversation", too</p>



<a name="132693981"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132693981" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132693981">(Aug 24 2018 at 12:37)</a>:</h4>
<p>hmm no I imagined "discussion" as a bundle of related threads :)</p>



<a name="132694021"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694021" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694021">(Aug 24 2018 at 12:38)</a>:</h4>
<p>I should probably make that clearer</p>



<a name="132694022"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694022" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> avadacatavra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694022">(Aug 24 2018 at 12:38)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> do you have a repo for the valgrind stuff? i think we should also have pointers to related projects</p>



<a name="132694027"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694027" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694027">(Aug 24 2018 at 12:38)</a>:</h4>
<p>"discussion area", perhaps</p>



<a name="132694041"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694041" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694041">(Aug 24 2018 at 12:38)</a>:</h4>
<p><span class="user-mention" data-user-id="120791">@RalfJ</span> did you look at <a href="https://github.com/nikomatsakis/unsafe-code-guidelines/blob/data-repr/reference/src/active_discussion/representation.md" target="_blank" title="https://github.com/nikomatsakis/unsafe-code-guidelines/blob/data-repr/reference/src/active_discussion/representation.md">my example proposal</a>?</p>



<a name="132694135"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694135" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> avadacatavra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694135">(Aug 24 2018 at 12:40)</a>:</h4>
<p><span class="user-mention" data-user-id="116009">@nikomatsakis</span> re "Relationship to Rust reference" it's not clear to me that the unsafe code guidelines document is the mdbook in the repo (which i'm assuming it is?)</p>



<a name="132694239"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694239" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> avadacatavra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694239">(Aug 24 2018 at 12:42)</a>:</h4>
<p>also--are we thinking next week for the official reboot launch discussion?</p>



<a name="132694355"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694355" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694355">(Aug 24 2018 at 12:45)</a>:</h4>
<p>yeah I should probably change the rpeo a bit to match</p>



<a name="132694359"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694359" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694359">(Aug 24 2018 at 12:45)</a>:</h4>
<p>but I meant the mdbook in the repo</p>



<a name="132694365"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694365" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694365">(Aug 24 2018 at 12:45)</a>:</h4>
<p>and probably the "active discussions" should <em>not</em> be part of the mdbook</p>



<a name="132694419"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694419" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694419">(Aug 24 2018 at 12:46)</a>:</h4>
<p><span class="user-mention" data-user-id="116009">@nikomatsakis</span> oO that's a HUGE amount of things discussed together</p>



<a name="132694424"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694424" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694424">(Aug 24 2018 at 12:46)</a>:</h4>
<p>TBH I would separate out safety invariants entierly</p>



<a name="132694427"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694427" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694427">(Aug 24 2018 at 12:46)</a>:</h4>
<p>I was wondering about that</p>



<a name="132694430"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694430" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694430">(Aug 24 2018 at 12:46)</a>:</h4>
<p>they need so much machinery to talk about precisely</p>



<a name="132694433"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694433" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694433">(Aug 24 2018 at 12:47)</a>:</h4>
<p>yeah</p>



<a name="132694439"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694439" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694439">(Aug 24 2018 at 12:47)</a>:</h4>
<p>seems good to me</p>



<a name="132694440"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694440" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694440">(Aug 24 2018 at 12:47)</a>:</h4>
<p>one thing I was thinking as I biked home is</p>



<a name="132694442"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694442" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694442">(Aug 24 2018 at 12:47)</a>:</h4>
<p>and we have a lock-in problem, where we cannot ever strneghten or weaken then -- and I still wonder if there is a mechanism to achiebve that</p>



<a name="132694443"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694443" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694443">(Aug 24 2018 at 12:47)</a>:</h4>
<p>it's also fine for there to be open issues accumulating thoughts (or threads, etc)</p>



<a name="132694449"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694449" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694449">(Aug 24 2018 at 12:47)</a>:</h4>
<p>but I'd prefer that I at least don't have to pay as much attention to those</p>



<a name="132694452"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694452" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694452">(Aug 24 2018 at 12:47)</a>:</h4>
<p>that is, the "this is the active area of discussion" idea is meant to help both steer but also ensure we make progress on <em>something</em> at any moment</p>



<a name="132694456"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694456" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694456">(Aug 24 2018 at 12:48)</a>:</h4>
<p>hehe</p>



<a name="132694498"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694498" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694498">(Aug 24 2018 at 12:48)</a>:</h4>
<p>(point being: if we accumualte thoughts about safety invariants as we go, we can note those down elsewhere)</p>



<a name="132694504"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694504" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694504">(Aug 24 2018 at 12:48)</a>:</h4>
<blockquote>
<p>and we have a lock-in problem, where we cannot ever strneghten or weaken then -- and I still wonder if there is a mechanism to achiebve that</p>
</blockquote>
<p>it seems to me that all invariants have some measure of this problem</p>



<a name="132694521"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694521" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694521">(Aug 24 2018 at 12:48)</a>:</h4>
<p>yeah seems okay to have a place</p>



<a name="132694523"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694523" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694523">(Aug 24 2018 at 12:48)</a>:</h4>
<p>that is, if we say that the validity invariant is X, then there will be safe code that maintains X; we can weaken X (which I guess is your point?)</p>



<a name="132694531"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694531" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694531">(Aug 24 2018 at 12:49)</a>:</h4>
<p>but we certainly can't <em>strengthen</em> X?</p>



<a name="132694532"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694532" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694532">(Aug 24 2018 at 12:49)</a>:</h4>
<p>but given how often people confuse these invariants, it should be somewhat separate</p>



<a name="132694533"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694533" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694533">(Aug 24 2018 at 12:49)</a>:</h4>
<p>I'm not convinced we can even weaken X really</p>



<a name="132694534"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694534" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694534">(Aug 24 2018 at 12:49)</a>:</h4>
<p>i.e., unsafe code might be doing things that are only correct if X is true</p>



<a name="132694535"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694535" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694535">(Aug 24 2018 at 12:49)</a>:</h4>
<p>yeah we can make more stuff valid is what I mean</p>



<a name="132694537"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694537" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694537">(Aug 24 2018 at 12:49)</a>:</h4>
<p>not the other way around of course</p>



<a name="132694541"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694541" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694541">(Aug 24 2018 at 12:49)</a>:</h4>
<p>but for safety we do not even have that</p>



<a name="132694544"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694544" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694544">(Aug 24 2018 at 12:49)</a>:</h4>
<p>I see, the reason being:</p>



<a name="132694545"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694545" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694545">(Aug 24 2018 at 12:49)</a>:</h4>
<p>unsafe code assumes (at boundaries) the the full safety invariant holds</p>



<a name="132694546"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694546" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694546">(Aug 24 2018 at 12:49)</a>:</h4>
<p>unsafe code has a manually written precondition</p>



<a name="132694591"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694591" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694591">(Aug 24 2018 at 12:50)</a>:</h4>
<p>and else that</p>



<a name="132694597"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694597" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694597">(Aug 24 2018 at 12:50)</a>:</h4>
<p>and if we make more things valid, previously calling that unsafe code with invalid things was UB</p>



<a name="132694598"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694598" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694598">(Aug 24 2018 at 12:50)</a>:</h4>
<p>right, ok I see</p>



<a name="132694599"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694599" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694599">(Aug 24 2018 at 12:50)</a>:</h4>
<p>and so we can do whatever</p>



<a name="132694606"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694606" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694606">(Aug 24 2018 at 12:50)</a>:</h4>
<p>in other words:</p>



<a name="132694607"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694607" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694607">(Aug 24 2018 at 12:50)</a>:</h4>
<p>basically wekaning validity only can affect programs that previously violated validity</p>



<a name="132694608"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694608" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694608">(Aug 24 2018 at 12:50)</a>:</h4>
<p>and those were UB</p>



<a name="132694610"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694610" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694610">(Aug 24 2018 at 12:50)</a>:</h4>
<p>if unsafe code is relying on the validity invariant holding</p>



<a name="132694617"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694617" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694617">(Aug 24 2018 at 12:50)</a>:</h4>
<p>that is (in principle, at least) something that would be stated by "copying" the current validity invariant as a precondition</p>



<a name="132694620"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694620" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694620">(Aug 24 2018 at 12:50)</a>:</h4>
<p><em>all</em> code is relying on the validity invariant holding. this is not even a question</p>



<a name="132694637"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694637" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694637">(Aug 24 2018 at 12:51)</a>:</h4>
<p>well, if we weakened it...</p>



<a name="132694639"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694639" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694639">(Aug 24 2018 at 12:51)</a>:</h4>
<p>that is, if we made more things valid</p>



<a name="132694640"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694640" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694640">(Aug 24 2018 at 12:51)</a>:</h4>
<p>ah I think I see what you mean</p>



<a name="132694647"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694647" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694647">(Aug 24 2018 at 12:51)</a>:</h4>
<p>yes. if unsafe code says "call me on any valid data", <em>that</em> cannot be weakened together with the actual validity the compiler relies on</p>



<a name="132694699"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694699" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694699">(Aug 24 2018 at 12:52)</a>:</h4>
<p>regarding the confusion of the two invariants, I am amazed people seemed to have picked up my terminology so I hope that helps a bit^^</p>



<a name="132694712"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694712" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694712">(Aug 24 2018 at 12:53)</a>:</h4>
<p>concrete example:</p>



<a name="132694715"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694715" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694715">(Aug 24 2018 at 12:53)</a>:</h4>
<p>if we said "from now on, <code>&amp;T</code> may be unaligned"</p>



<a name="132694717"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694717" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694717">(Aug 24 2018 at 12:53)</a>:</h4>
<p>we could adjust our codegen</p>



<a name="132694721"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694721" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694721">(Aug 24 2018 at 12:53)</a>:</h4>
<p>but others might still be using the old one</p>



<a name="132694769"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694769" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694769">(Aug 24 2018 at 12:54)</a>:</h4>
<p>(or packing things in the low bits)</p>



<a name="132694811"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694811" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694811">(Aug 24 2018 at 12:55)</a>:</h4>
<p>PS I think what we ought to do is to define not just one validity invariant</p>



<a name="132694829"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694829" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694829">(Aug 24 2018 at 12:56)</a>:</h4>
<p>well, it depends of course</p>



<a name="132694860"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694860" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694860">(Aug 24 2018 at 12:56)</a>:</h4>
<p>but we may find places where we say "you must guarantee this is true, but you can't rely on it being true"</p>



<a name="132694867"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132694867" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132694867">(Aug 24 2018 at 12:56)</a>:</h4>
<p>I think i'll bring this up on internals, a bit off topic  here :)</p>



<a name="132695009"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132695009" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132695009">(Aug 24 2018 at 12:59)</a>:</h4>
<p><a href="https://internals.rust-lang.org/t/two-kinds-of-invariants-safety-and-validity/8264/24?u=nikomatsakis" target="_blank" title="https://internals.rust-lang.org/t/two-kinds-of-invariants-safety-and-validity/8264/24?u=nikomatsakis">posted</a></p>



<a name="132695587"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132695587" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132695587">(Aug 24 2018 at 13:10)</a>:</h4>
<p>I have a hard time with those "must guarantee but cannot rely"</p>



<a name="132695594"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132695594" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132695594">(Aug 24 2018 at 13:11)</a>:</h4>
<p>how would a def.n of UB for that look like?</p>



<a name="132696023"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132696023" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> RalfJ <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132696023">(Aug 24 2018 at 13:19)</a>:</h4>
<p>^^</p>



<a name="132696108"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132696108" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> avadacatavra <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132696108">(Aug 24 2018 at 13:20)</a>:</h4>
<p>FYI: we can stick this poll into the announcement: <a href="https://doodle.com/poll/ruur88tf99stspzu#calendar" target="_blank" title="https://doodle.com/poll/ruur88tf99stspzu#calendar">https://doodle.com/poll/ruur88tf99stspzu#calendar</a></p>



<a name="132703115"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope/near/132703115" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/136281-t-lang/wg-unsafe-code-guidelines/topic/how-to-cope.html#132703115">(Aug 24 2018 at 15:47)</a>:</h4>
<p>posted: <a href="https://internals.rust-lang.org/t/proposal-for-unsafe-code-guidelines-process/8294/2" target="_blank" title="https://internals.rust-lang.org/t/proposal-for-unsafe-code-guidelines-process/8294/2">https://internals.rust-lang.org/t/proposal-for-unsafe-code-guidelines-process/8294/2</a></p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>